Intrusion Detection

[catolh]

You have to install / configure ssl and apache :

http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html

Thanks alot

[topimiring]

is there any way to automatically import honeycomb signatures to snort ?
thx

[menschtx]

bodhi,
I tried to follow your tutorial for protection, but for some reason the security level set from I believe compliance to enforce has blocked firefox 3. Is there a way to reverse this? Or clear the process and go back to the beginning?

[bodhi.zazen]

bodhi,
I tried to follow your tutorial for protection, but for some reason the security level set from I believe compliance to enforce has blocked firefox 3. Is there a way to reverse this? Or clear the process and go back to the beginning?

Are you asking about apparmor ?

[bodhi.zazen]

bodhi,
I tried to follow your tutorial for protection, but for some reason the security level set from I believe compliance to enforce has blocked firefox 3. Is there a way to reverse this? Or clear the process and go back to the beginning?

Are you asking about apparmor ?

If so see the sticky on apparmor.

sudo aa-complain firefox

[rodney757]

I was just reading this tutorial and it says to use airsnort if you use wireless. When I go to the airsnort site it says that the project is dead. Is there an alternitive I should use? Thanks

[shahin]

Is there any way to verify that my database if being populated with data? I run snort -v, and I see it capturing data. I have also set up the database, and I see the tables in it. How do I run snort to push data to the database, and then what command do I run in the database to see the data just collected please? Oh btw, the bleeding rules url does not work. Does anyone have another link where these rules can be downloaded for snort2.8.3.2?

[bodhi.zazen]

Is there any way to verify that my database if being populated with data? I run snort -v, and I see it capturing data. I have also set up the database, and I see the tables in it. How do I run snort to push data to the database, and then what command do I run in the database to see the data just collected please? Oh btw, the bleeding rules url does not work. Does anyone have another link where these rules can be downloaded for snort2.8.3.2?

I use base to look at alerts generated by snort. You can look at mysql directly or what ever you wish.

If you want to test it, hit your box (snort) with a port scanner.

Snort does not, buy default, capture all packets. To do that use wireshark.

[shahin]

Thanks bodhi. Something else is puzzling me now. I am trying to download rules. So I right clicked on the "download" link for the rule, and selected "copy link location", then I move to xterm window, and pasted the clipboard content in front of wget and pressed return. All I get is a 10K file. I seem to be able to download the same file fine using the browser. Any idea?

[shahin]

I downloaded your script, and put it in the right directory, but when I run it I see the following error from snort:

Code:

Uh, you need to tell me to do something...

Fatal Error, Quitting..

Here is where the script is:

Code:

@thunder:/etc/init.d$ ls -al snort
-r-x------ 1 root root 4077 2009-04-04 13:14 snort
@thunder:/etc/init.d$

I think the permissions and everything else is as you stated. I am not sure why I get this error.